TIPS How to 'expose' a PIAF PBX server to the internet?

[Robert.Thompson]

Hello:

I have a laptop setup as a dedicated PBX with a fresh, untouched install of:
Incredible PBX 13-12.2 for Scientific Linux
Asterisk 13.7.0 Incredible GUI 12.0.30

This laptop is connected, by wire, to my Bell Canada Fibe router.

The IP address of the router is: 70.54.XXX.XXX

The IP address of the PBX is: 192.168.2.20

(Note: I do have a fully functioning PIAF PBX living on a Digital Ocean server that is used daily by 4 or 5 people.)

My problem is that I know (at least, I am pretty sure) that my PBX is not 'on the Internet' as is my D/O server.

I have looked into 'port forwarding' and see that I can set it up on my router, BUT, I don't understand how to use that to get into my PBX's GUI.

Are there any 'Nerd' or other tutorials on how to do expose your PBX to the Internet?

Any suggestions would be appreciated.

Rob.(terminology-challenged)

 

[Asher]

My first inclination is DON'T.

Having said that, to use the PBX to make and receive calls, you should not have to do anything to the router. The PBX initiates the conversation with your SIP provider.

To be able to admin from the internet, install a SSL cert on the PBX and forward port 443 from the router to the PBX internal IP.

 

[islandtech]

Setup a VPN server on the router, then you will have access to the PBX and every device behind the router

 

[Robert.Thompson]

My first inclination is DON'T.

Having said that, to use the PBX to make and receive calls, you should not have to do anything to the router. The PBX initiates the conversation with your SIP provider.

To be able to admin from the internet, install a SSL cert on the PBX and forward port 443 from the router to the PBX internal IP.

Hi Asher:

Right now, while at home, I can use FireSSH to login as root at 192.168.2.20 port 22. I can enter the GUI by pointing my browser to 192.168.2.20.

Are you saying the I must "install a SSL cert on the PBX" to gain access from, say, Starbucks or where ever?

If so, how do I "install a SSL cert on my PBX" ?

Thanks,

Rob.

 

[Asher]

You have your PBX installed and available on port 80? That is nuts. islandtech's suggestion is the best one. Set up a VPN server and do not expose your PBX to the internet.

 

[markrmcs]

Hi Asher:

Right now, while at home, I can use FireSSH to login as root at 192.168.2.20 port 22. I can enter the GUI by pointing my browser to 192.168.2.20.

Are you saying the I must "install a SSL cert on the PBX" to gain access from, say, Starbucks or where ever?

If so, how do I "install a SSL cert on my PBX" ?

Thanks,

Rob.

Rob,

I'm not trying to be flip, but if you ask "How do I install an SSL cert on the PBX" you need research more about SSL and security in general. I would highly suggest that you follow the advice of the other posters and go the VPN route, or SSH with keypairs.

 

[Robert.Thompson]

Rob,

I'm not trying to be flip, but if you ask "How do I install an SSL cert on the PBX" you need research more about SSL and security in general. I would highly suggest that you follow the advice of the other posters and go the VPN route, or SSH with keypairs.

Thanks Mark, and I don't think that you are being flip...

My problem is that there are nerd tutorials on how to setup an old computer with PIAF but there are no step by step tutorials on how actually use it. Example: My router has a public ip but my PBX has a private ip (192.168.2.20) How do I register my Yealink phone to an extension on the PBX? The registration requires the ip of my "SIP Server" , which is 192.168.2.20?

What am I missing? (please try to be gentle.)

Rob.

 

[Asher]

You register the phone to the PBX IP, which should be internal. Nothing should lead back to the PBX from the outside world.